Microsoft Releases March 2025 Patches
Microsoft has released software updates as part of its March 2025 Patch Tuesday. The updates fix 57 security vulnerabilities in total, including 6 zero-day vulnerabilities that are being actively exploited.
The breakdown of the vulnerabilities are as follows:
23 privilege escalation
3 security feature bypass
23 remote code execution
4 information disclosure
1 denial of service
3 spoofing
The actively exploited vulnerabilities are as follows:
CVE-2025-24983 - vulnerability in Windows Win32 Kernel System that can lead to escalation of privilege
CVE-2025-24984 - vulnerability in Windows NTFS that can lead to information disclosure
CVE-2025-24985 - vulnerability in Windows Fast FAT File System Driver that can lead to remote code execution
CVE-2025-24991 - vulnerability in Windows NTFS that can lead to information disclosure
CVE-2025-24993 - vulnerability in Windows NTFS that can lead to remote code execution
CVE-2025-26633 - vulnerability in Microsoft Management Console that can lead to security feature bypass
Why You Should Care?
Zero-day vulnerabilities are vulnerabilities where a flaw has been identified but there was no fix for the flaw, which means attackers will try to exploit as many targets as possible before users fix the vulnerability. This makes it extra dangerous, and needs to be addressed as soon as possible.
In this case, six zero-day vulnerabilities are already being exploited, which means it is only a matter of time before the attackers compromise your business. Now that patches are available, it is critical to apply the patches as soon as possible to avoid getting compromised.
What Should You Do?
Test the patches ASAP at your organization, and make sure it does not break any business applications
Prioritize patching the 6 actively exploited zero-days
Roll out the rest of the Patch Tuesday updates
References
https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2025-patch-tuesday-fixes-7-zero-days-57-flaws/